About Watchcom initial security evaluation
Our security policy requires that applications pass a security evaluation before being accepted into the software sphere of SuperOffice.
This security evaluation is performed by Watchcom Security Group, a specialist on internet security.
Watchcom works for SuperOffice AS to evaluate the security of your company as a prerequisite to getting your standard application accepted.
The security evaluation is designed to make sure that you as a partner have given thought to the cybersecurity of your company and the information security of your application.
We are aware that some partners may already have done a security audit by another vendor. However, for our App Store, we require that your application goes through our particular audit because Watchcom knows SuperOffice and our environment.
What exactly is this mandatory evaluation?
The Watchcom security evaluation has 3 key elements:
- Self-assessment review
- Audit report
The self-assessment and the audit report are confidential between the partner and Watchcom. SuperOffice is only informed if there are red flags needing to be fixed.
How is the testing done?
Scan ports of exposed infrastructure
Depending on the internet presence of your company, we will scan the whole of your external infrastructure to make sure that computers in the network don’t expose services that can be easily exploited.
The focus will be on computers hosting the partner application.
Scan exposed infrastructure for vulnerabilities
Exposed services found in the previous phase will be scanned for known vulnerabilities. Watchcom employs a range of vulnerability scanners to keep up with industry standards.
Scan web applications and web APIs for vulnerability
Any web applications or web APIs that will communicate with SuperOffice’s servers will be scanned.
Watchcom’s expert penetration testers will make a limited manual audit of the application.
Audit information security
Design, architecture, infrastructure, and data storage will be audited to make sure that customer data, and data belonging to SuperOffice, is properly protected.
Does it cost anything?
You will be invoiced and pay Wathcom directly for the services delivered in connection with the security audit.
Security audits come in 3 different packages: small, medium, and large.
|Time (testing and prepare report)||7 work hours||11 work hours||18 work hours|
|Price||10.000 NOK + VAT
(approx € 995)
|15.000 NOK + VAT
(approx € 1490)
|25.000 NOK + VAT
(approx € 2480)
If the audit uncovers extensive issues that need to be fixed, it may lead to re-testing and additional auditing services. This may induce additional fees. You will be notified if and when this occurs. You are not obliged to complete and pay for an additional audit - however, failing to do so will lead to your application not being certified and therefore not listed in the SuperOffice App Store.